Merge branch 'main' into dgst-cli

justsmth · web-flow · commit 4d99dbbc0dd2 · 2025-09-17T12:41:03.000-04:00
diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -5,7 +5,7 @@ cmake_policy(SET CMP0091 NEW)
 endif()
 
 set(SOFTWARE_NAME "awslc")
-set(SOFTWARE_VERSION "1.60.0")
+set(SOFTWARE_VERSION "1.61.0")
 set(ABI_VERSION 0)
 set(CRYPTO_LIB_NAME "crypto")
 set(SSL_LIB_NAME "ssl")
@@ -31,6 +31,26 @@ endif()
 
 include(sources.cmake)
 include(TestBigEndian)
+include(CheckCCompilerFlag)
+
+macro(add_flag_if_supported VARIABLE FLAG)
+  # Create a safe, unique variable name to cache the result of the check
+  string(MAKE_C_IDENTIFIER "HAVE_C_FLAG_${FLAG}" _CHECK_VAR_NAME)
+
+  # Keep configure output tidy
+  set(CMAKE_REQUIRED_QUIET ${CMAKE_NOT_VERBOSE})
+
+  # Run the check only once to speed up re-configuration
+  if(NOT DEFINED ${_CHECK_VAR_NAME})
+    check_c_compiler_flag("${FLAG}" ${_CHECK_VAR_NAME})
+  endif()
+
+  # If the check passed, append the flag to the specified variable
+  if(${_CHECK_VAR_NAME})
+    set(${VARIABLE} "${${VARIABLE}} ${FLAG}")
+    message(STATUS "Compiler supports '${FLAG}', adding to ${VARIABLE}")
+  endif()
+endmacro()
 
 if(POLICY CMP0077)
   cmake_policy(SET CMP0077 NEW) #option does nothing when a normal variable of the same name exists.
@@ -474,12 +494,9 @@ if(GCC OR CLANG)
   endif()
   set(C_CXX_FLAGS "${C_CXX_FLAGS} -Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings")
 
-  if((GCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "8") OR
-     (CMAKE_C_COMPILER_ID MATCHES "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS "13"))
-    # GCC 8.x added a warning called -Wcast-function-type to the -Wextra umbrella.
-    # Also suppress for all clang versions supporting this warning.
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-cast-function-type")
-  endif()
+  # GCC 8.x added a warning called -Wcast-function-type to the -Wextra umbrella.
+  # Also suppress for all clang versions supporting this warning.
+  add_flag_if_supported(CMAKE_C_FLAGS "-Wno-cast-function-type")
 
   if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")
     if (MSVC)
@@ -503,31 +520,24 @@ if(GCC OR CLANG)
 
   if(CLANG)
     set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wnewline-eof -fcolor-diagnostics")
-  elseif(CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.1.3")
+  else()
     # GCC (at least 4.8.4) has a bug where it'll find unreachable free() calls
     # and declare that the code is trying to free a stack pointer. GCC 4.1.3 and lower
     # doesn't support this flag and can't use it.
-    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-free-nonheap-object")
+    add_flag_if_supported(C_CXX_FLAGS "-Wno-free-nonheap-object")
     # GCC (from at least 4.8) does not include -Wmissing-braces in -Wall due to Bug 25137.
     # This warning is turned on everywhere internally however, so we have to define it here
     # to check that our changes don't break the build.
     # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25137
-    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wmissing-braces")
+    add_flag_if_supported(C_CXX_FLAGS "-Wmissing-braces")
   endif()
 
   # -Wstring-concatenation was added in Clang 12.0.0, which corresponds to
   # AppleClang 13.0.0 per the table in
   # https://en.wikipedia.org/wiki/Xcode#Toolchain_versions
-  if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND
-          NOT(CMAKE_C_COMPILER_VERSION VERSION_LESS "12.0.0")) OR
-  (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND
-          NOT(CMAKE_C_COMPILER_VERSION VERSION_LESS "13.0.0")))
-    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wstring-concatenation")
-  endif()
+  add_flag_if_supported(C_CXX_FLAGS "-Wstring-concatenation")
 
-  if(CLANG OR NOT "7.0.0" VERSION_GREATER CMAKE_C_COMPILER_VERSION)
-    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough")
-  endif()
+  add_flag_if_supported(C_CXX_FLAGS "-Wimplicit-fallthrough")
 
   if(CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER "5")
     set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wformat-signedness")
@@ -674,11 +684,7 @@ if(WIN32)
   add_definitions("-D_STL_EXTRA_DISABLED_WARNINGS=4774 4987")
 endif()
 
-if((GCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.9.99") OR
-   CLANG)
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wshadow")
-endif()
+add_flag_if_supported(C_CXX_FLAGS "-Wshadow")
 
 # pthread_rwlock_t on Linux requires a feature flag. We limit this to Linux
 # because, on Apple platforms, it instead disables APIs we use. See compat(5)
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
@@ -246,7 +246,7 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {
     perror("BoringSSL: mprotect");
   }
 }
-#else
+#elif !defined(OPENSSL_WINDOWS)
 static void BORINGSSL_maybe_set_module_text_permissions(int _permission) {}
 #endif  // !ANDROID
 
diff --git a/crypto/fipsmodule/evp/evp.c b/crypto/fipsmodule/evp/evp.c
@@ -171,7 +171,7 @@ int EVP_read_pw_string_min(char *buf, int min_length, int length,
   int ret = -1;
   char verify_buf[1024];
 
-  if (!buf || min_length <= 0 || min_length >= length) {
+  if (!buf || min_length < 0 || min_length >= length) {
     return -1;
   }
 
diff --git a/crypto/fipsmodule/ml_kem/ml_kem_test.cc b/crypto/fipsmodule/ml_kem/ml_kem_test.cc
@@ -42,7 +42,7 @@ struct MLKEMKeypairTestVector {
 };
 
 
-static constexpr MLKEMKeypairTestVector keypairParameterSet[] = {
+static const MLKEMKeypairTestVector keypairParameterSet[] = {
   {
     MLKEM512_PUBLIC_KEY_BYTES,
     MLKEM512_SECRET_KEY_BYTES,
@@ -516,7 +516,7 @@ struct MLKEMEncapsulateTestVector {
   int (*encapsulate)(uint8_t *ciphertext, size_t *ciphertext_len, uint8_t *shared_secret, size_t *shared_secret_len, const uint8_t *public_key);
 };
 
-static constexpr MLKEMEncapsulateTestVector encapsulateParameterSet[] = {
+static const MLKEMEncapsulateTestVector encapsulateParameterSet[] = {
   {
     MLKEM512_CIPHERTEXT_BYTES,
     MLKEM512_SHARED_SECRET_LEN,
@@ -1571,7 +1571,7 @@ struct MLKEMDecapsulateTestVector {
   int (*decapsulate)(uint8_t *shared_secret, size_t *shared_secret_len, const uint8_t *ciphertext, const uint8_t *secret_key);
 };
 
-static constexpr MLKEMDecapsulateTestVector decapsulateParameterSet[] = {
+static const MLKEMDecapsulateTestVector decapsulateParameterSet[] = {
   {
     MLKEM512_SHARED_SECRET_LEN,
     ciphertext512,
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
@@ -109,7 +109,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
       cb = PEM_def_callback;
     }
     int pass_len = cb(psbuf, PEM_BUFSIZE, 0, u);
-    if (pass_len <= 0) {
+    if (pass_len < 0) {
       OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
       X509_SIG_free(p8);
       goto err;
diff --git a/include/openssl/base.h b/include/openssl/base.h
@@ -122,7 +122,7 @@ extern "C" {
 // ServiceIndicatorTest.AWSLCVersionString
 // Note: there are two versions of this test. Only one test is compiled
 // depending on FIPS mode.
-#define AWSLC_VERSION_NUMBER_STRING "1.60.0"
+#define AWSLC_VERSION_NUMBER_STRING "1.61.0"
 
 #if defined(BORINGSSL_SHARED_LIBRARY)
 
diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml
@@ -311,7 +311,7 @@ batch:
         variables:
           AWS_LC_CI_TARGET: "tests/ci/integration/run_cyrus_sasl_integration.sh"
 
-    - identifier: amazon_corretto_crypto_provider_integration_x86_64
+    - identifier: amazon_corretto_crypto_provider_nonfips_integration_x86_64
       buildspec: tests/ci/codebuild/common/run_simple_target.yml
       env:
         type: LINUX_CONTAINER
@@ -320,6 +320,18 @@ batch:
         image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_integration_latest
         variables:
           AWS_LC_CI_TARGET: "tests/ci/integration/run_accp_integration.sh"
+          ACCP_FIPS: "false"
+
+    - identifier: amazon_corretto_crypto_provider_fips_integration_x86_64
+      buildspec: tests/ci/codebuild/common/run_simple_target.yml
+      env:
+        type: LINUX_CONTAINER
+        privileged-mode: false
+        compute-type: BUILD_GENERAL1_2XLARGE
+        image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_integration_latest
+        variables:
+          AWS_LC_CI_TARGET: "tests/ci/integration/run_accp_integration.sh"
+          ACCP_FIPS: "true"
 
     - identifier: nmap_integration_x86_64
       buildspec: tests/ci/codebuild/common/run_simple_target.yml
diff --git a/tests/ci/codebuild/common/run_x509_limbo_reports_target.yml b/tests/ci/codebuild/common/run_x509_limbo_reports_target.yml
@@ -8,10 +8,6 @@ env:
     GOPROXY: https://proxy.golang.org,direct
 
 phases:
-  install:
-    commands:
-      - nohup /usr/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 &
-      - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
   build:
     commands:
       - "./${AWS_LC_CI_TARGET}"
diff --git a/tests/ci/docker_images/linux-x86/amazonlinux-2023_base/Dockerfile b/tests/ci/docker_images/linux-x86/amazonlinux-2023_base/Dockerfile
@@ -33,7 +33,9 @@ RUN set -ex && \
     valgrind \
     # valgrind/memcheck.h is provided by the valgrind-devel package on AL2. see P63119011.
     valgrind-devel \
-    unzip && \
+    unzip \
+    patch \
+    jq && \
     wget https://raw.githubusercontent.com/aws/aws-codebuild-docker-images/master/al/x86_64/standard/5.0/amazon-ssm-agent.json -P /etc/amazon/ssm/ && \
     # Based on https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html
     curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
diff --git a/tests/ci/docker_images/linux-x86/amazonlinux-2023_x509/Dockerfile b/tests/ci/docker_images/linux-x86/amazonlinux-2023_x509/Dockerfile
@@ -1,16 +1,13 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0 OR ISC
 
-FROM amazonlinux-2023:clang-15x
+FROM amazonlinux-2023:gcc-11x
 
 SHELL ["/bin/bash", "-c"]
 
 RUN set -ex && \
     dnf -y upgrade --releasever=latest && dnf install -y \
-    docker \
-    openssl-devel \
-    patch \
-    jq && \
+    openssl-devel && \
     dnf clean packages && \
     dnf clean metadata && \
     dnf clean all && \
@@ -21,8 +18,13 @@ RUN curl -fsSL https://pyenv.run | bash
 
 ENV PATH="/root/.pyenv/bin:${PATH}"
 RUN eval "$(pyenv init -)" && \
-    pyenv install 3.13.1
+    pyenv install 3.13.7
 
-ENV PATH="/root/.pyenv/versions/3.13.1/bin:${PATH}"
-ENV CC=clang
-ENV CXX=clang++
+ENV PATH="/root/.pyenv/versions/3.13.7/bin:${PATH}"
+
+RUN git clone https://github.com/C2SP/x509-limbo.git /x509-limbo && \
+    cd /x509-limbo && \
+    python3 -m venv .venv && \
+    source .venv/bin/activate && \
+    pip install -e . && \
+    deactivate
diff --git a/tests/ci/integration/run_accp_integration.sh b/tests/ci/integration/run_accp_integration.sh
@@ -8,12 +8,13 @@ source tests/ci/common_posix_setup.sh
 # Assumes script is executed from the root of aws-lc directory
 SCRATCH_FOLDER=${SRC_ROOT}/"scratch"
 ACCP_SRC="${SCRATCH_FOLDER}/amazon-corretto-crypto-provider"
+ACCP_FIPS=${ACCP_FIPS:-"false"}
 
 function build_and_test_accp() {
   pushd "${ACCP_SRC}"
   export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::")
   export PATH=$JAVA_HOME/bin:$PATH
-  ./gradlew -DAWSLC_SRC_DIR="${SRC_ROOT}" -DAWSLC_GITVERSION="HEAD" test
+  ./gradlew -DAWSLC_SRC_DIR="${SRC_ROOT}" -DAWSLC_GITVERSION="HEAD" -DFIPS="$ACCP_FIPS" test
   popd
 }
 
diff --git a/tests/ci/run_windows_tests.bat b/tests/ci/run_windows_tests.bat
@@ -9,6 +9,11 @@ set MSVC_PATH=%1
 set ARCH_OPTION=%2
 if "%~3"=="" ( set RUN_SDE=false ) else ( set RUN_SDE=%3 )
 call %MSVC_PATH% %ARCH_OPTION% || goto error
+
+if /i "%ARCH_OPTION%" == "arm64" (
+  set "CC=clang-cl"
+  set "CXX=clang-cl"
+)
 SET
 
 @echo on
@@ -35,9 +40,11 @@ call :build_and_test Release "-DOPENSSL_NO_ASM=1" || goto error
 @rem tests or copy them around so Windows can find it in the same directory. Instead just put the dll's location onto the path
 set PATH=%BUILD_DIR%;%BUILD_DIR%\crypto;%BUILD_DIR%\ssl;%PATH%
 call :build_and_test Release "-DBUILD_SHARED_LIBS=1" || goto error
-call :build_and_test Release "-DBUILD_SHARED_LIBS=1 -DFIPS=1" || goto error
-@rem For FIPS on Windows we also have a RelWithDebInfo build to generate debug symbols.
-call :build_and_test RelWithDebInfo "-DBUILD_SHARED_LIBS=1 -DFIPS=1" || goto error
+if /i not "%ARCH_OPTION%" == "arm64" (
+    call :build_and_test Release "-DBUILD_SHARED_LIBS=1 -DFIPS=1" || goto error
+    @rem For FIPS on Windows we also have a RelWithDebInfo build to generate debug symbols.
+    call :build_and_test RelWithDebInfo "-DBUILD_SHARED_LIBS=1 -DFIPS=1" || goto error
+)
 
 @rem On Windows, CMake defaults to dynamically linking to the Windows C-runtime.
 @rem We test statically linking CRT to our static library.
diff --git a/tests/ci/run_x509_limbo.sh b/tests/ci/run_x509_limbo.sh
@@ -12,7 +12,7 @@ source tests/ci/common_posix_setup.sh
 
 SCRATCH_DIR="${SYS_ROOT}/scratch"
 X509_CI_DIR="${SRC_ROOT}/tests/ci/x509"
-X509_LIMBO_SRC="${SCRATCH_DIR}/x509-limbo"
+X509_LIMBO_SRC="${X509_LIMBO_SRC:-/x509-limbo}" # Should be by the docker image
 BASE_COMMIT_SRC="${SYS_ROOT}/base-src"
 
 # If BASE_REF is set in the environment we will use that, this provides a mechanism for a user to manually kick off
@@ -23,38 +23,61 @@ BASE_COMMIT_SRC="${SYS_ROOT}/base-src"
 BASE_REF="${BASE_REF:-${CODEBUILD_WEBHOOK_BASE_REF:-${CODEBUILD_WEBHOOK_PREV_COMMIT:?}}}"
 
 function build_reporting_tool() {
-    pushd "${X509_CI_DIR}/limbo-report"
+    pushd "${X509_CI_DIR}/limbo-report" 2>&1 >/dev/null
     make
     mv ./limbo-report "${SCRATCH_DIR}/"
-    popd # "${X509_CI_DIR}/limbo-report"
+    popd 2>&1 >/dev/null # "${X509_CI_DIR}/limbo-report"
 }
 
 function setup_x509_limbo() {
-    git clone https://github.com/C2SP/x509-limbo.git "${X509_LIMBO_SRC}"
-    pushd "${X509_LIMBO_SRC}"
+    pushd "${X509_LIMBO_SRC}" 2>&1 >/dev/null
     patch -p1 -i "${X509_CI_DIR}/x509-limbo.patch"
-    python3 -m venv .venv
-    source .venv/bin/activate
-    pip install -e .
-    popd # "${X509_LIMBO_SRC}"
+    popd 2>&1 >/dev/null # "${X509_LIMBO_SRC}"
+}
+
+function build_aws_lc() {
+    local BUILD_DIR
+    BUILD_DIR=$(mktemp -d)
+    cmake -B "${BUILD_DIR}" -S "${1}" -GNinja \
+        -DBUILD_SHARED_LIBS=1 \
+        -DCMAKE_BUILD_TYPE=Debug \
+        -DCMAKE_INSTALL_PREFIX="${2}"
+    cmake --build "${BUILD_DIR}"
+    cmake --install "${BUILD_DIR}"
+    rm -rf "${BUILD_DIR}"
+}
+
+function build_aws_lc_harness() {
+    local HARNESS_SRC
+    HARNESS_SRC="${X509_LIMBO_SRC}/harness/aws-lc"
+    local PKG_CONFIG_PATH
+    PKG_CONFIG_PATH="${1}/lib64/pkgconfig"
+
+    pushd "${HARNESS_SRC}" 2>&1 >/dev/null
+    PKG_CONFIG_PATH="${PKG_CONFIG_PATH}" make 2>&1 >/dev/null
+
+    local HARNESS 
+    HARNESS="$(mktemp harnessXXX)"
+
+    mv main "${HARNESS}"
+
+    popd 2>&1 >/dev/null # "${HARNESS_SRC}"
+
+    echo "${HARNESS_SRC}/${HARNESS}"
 }
 
 function run_aws_lc_harness() {
-    pushd "${X509_LIMBO_SRC}"
+    pushd "${X509_LIMBO_SRC}" 2>&1 >/dev/null
     set +e
-    AWS_LC_SRC_DIR="${1}" make test-aws-lc
+    make run ARGS="harness --output ./results/aws-lc.json -- ${1}"
     if [ ! -f "${X509_LIMBO_SRC}/results/aws-lc.json" ]; then
-        echo "Failed to run x509-limbo harness for AWS_LC_SRC_DIR=${1}"
+        echo "Failed to run x509-limbo harness: ${1}"
         exit 1
     fi
     set -e
-    popd # "${X509_LIMBO_SRC}"
+    popd 2>&1 >/dev/null # "${X509_LIMBO_SRC}"
 }
 
-# Log Docker hub limit https://docs.docker.com/docker-hub/download-rate-limit/#how-can-i-check-my-current-rate
-TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
-curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
-
 git worktree add "${BASE_COMMIT_SRC}" "${BASE_REF:?}"
 
 mkdir -p "${SCRATCH_DIR}"
@@ -68,12 +91,16 @@ REPORTS_DIR="${SRC_ROOT}/x509-limbo-reports"
 mkdir -p "${REPORTS_DIR}"
 
 # Build run x509-limbo on current src of event
-run_aws_lc_harness "${SRC_ROOT}"
+build_aws_lc "${SRC_ROOT}" "/opt/aws-lc-after"
+AFTER_HARNESS="$(build_aws_lc_harness "/opt/aws-lc-after")"
+run_aws_lc_harness "${AFTER_HARNESS}"
 "${SCRATCH_DIR}/limbo-report" annotate "${X509_LIMBO_SRC}/limbo.json" "${X509_LIMBO_SRC}/results/aws-lc.json" > "${REPORTS_DIR}/base.json"
 "${SCRATCH_DIR}/limbo-report" annotate -csv "${X509_LIMBO_SRC}/limbo.json" "${X509_LIMBO_SRC}/results/aws-lc.json" > "${REPORTS_DIR}/base.csv"
 
 # Build run x509-limbo on the base src for event
-run_aws_lc_harness "${BASE_COMMIT_SRC}"
+build_aws_lc "${BASE_COMMIT_SRC}" "/opt/aws-lc-before"
+BEFORE_HARNESS="$(build_aws_lc_harness "/opt/aws-lc-before")"
+run_aws_lc_harness "${BEFORE_HARNESS}"
 "${SCRATCH_DIR}/limbo-report" annotate "${X509_LIMBO_SRC}/limbo.json" "${X509_LIMBO_SRC}/results/aws-lc.json" > "${REPORTS_DIR}/changes.json"
 "${SCRATCH_DIR}/limbo-report" annotate -csv "${X509_LIMBO_SRC}/limbo.json" "${X509_LIMBO_SRC}/results/aws-lc.json" > "${REPORTS_DIR}/changes.csv"
 
diff --git a/tests/ci/setup.py b/tests/ci/setup.py
diff --git a/tests/ci/x509/x509-limbo.patch b/tests/ci/x509/x509-limbo.patch
diff --git a/third_party/jitterentropy/CMakeLists.txt b/third_party/jitterentropy/CMakeLists.txt

Original file line number	Diff line number	Diff line change
`@@ -246,7 +246,7 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {`
`246`	`246`	`perror("BoringSSL: mprotect");`
`247`	`247`	`}`
`248`	`248`	`}`
`249`		`-#else`
	`249`	`+#elif !defined(OPENSSL_WINDOWS)`
`250`	`250`	`static void BORINGSSL_maybe_set_module_text_permissions(int _permission) {}`
`251`	`251`	`#endif // !ANDROID`
`252`	`252`
Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ int EVP_read_pw_string_min(char *buf, int min_length, int length,`
`171`	`171`	`int ret = -1;`
`172`	`172`	`char verify_buf[1024];`
`173`	`173`
`174`		`- if (!buf \|\| min_length <= 0 \|\| min_length >= length) {`
	`174`	`+ if (!buf \|\| min_length < 0 \|\| min_length >= length) {`
`175`	`175`	`return -1;`
`176`	`176`	`}`
`177`	`177`
Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ EVP_PKEY PEM_read_bio_PrivateKey(BIO bp, EVP_PKEY *x, pem_password_cb cb,`
`109`	`109`	`cb = PEM_def_callback;`
`110`	`110`	`}`
`111`	`111`	`int pass_len = cb(psbuf, PEM_BUFSIZE, 0, u);`
`112`		`- if (pass_len <= 0) {`
	`112`	`+ if (pass_len < 0) {`
`113`	`113`	`OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);`
`114`	`114`	`X509_SIG_free(p8);`
`115`	`115`	`goto err;`